Kai Thorsrud Posted October 11, 2023
Hi, I do complete Terraform deployments with more or less all features available. I have developed separate modules that:
- Deploy a NetScaler in Azure
- Configure an entire NetScaler according to best practice (with A+ on SSL Labs)
- Deploy botnet protection
- Deploy WAF
- Deploy OAuth 2.0 v2 MSAL for applications
- Deploy a web application (or any application with any protocol, with or without custom monitors)
- Deploy OAuth 2.0 v2 MSAL JWT with token cache so I can protect legacy APIs as a modern API gateway
- Deploy CAG for XenApp / XenDesktop with SAML to connect with StoreFront + FAS
- Handle certificates for all applications and update them as they change

My upcoming challenge will be: how to handle WAF rulesets for persistent deploys. In a Blue/Green or Canary environment I need to be able to handle rules (being learned data) using code to have a consistent ruleset. Being able to deploy WAF rules using code is a big plus, as independent audits and revisioning of our internet-exposed infrastructure become possible. Zero Trust is the key for me. Nothing enters our network without proper authentication from Azure. Once authenticated and authorized, WAF + botnet protection are key. Do you have any advice on how to solve these challenges? In a real-life enterprise scenario this is a challenge to solve. NetScaler is a big business enabler for enterprises since all code cannot be refactored easily. Such a migration is a 5-10 year challenge. NetScaler really bridges the gap in a hybrid environment.
Sumanth Lingappa Posted October 12, 2023
Hello @Kai Thorsrud, great to see you in the community. Can you please help me understand: do you need help with the WAF feature or with Terraform?
Sumanth
Kai Thorsrud Posted October 12, 2023 (Author)
Hi, and thank you for taking the time to answer me. I need help with this: it is not supported by your Terraform provider. See the link at the bottom of this post. I was supposed to have a meeting with Konstantinos Kaltsas where I wanted to demonstrate how cool NetScaler can actually be in large real-life scenarios. We scheduled meetings three times and every time I had to cancel because I am so busy with work. Now I am even more busy. This post is the best I am able to do. (I code, sleep, eat, work out to get stronger and stronger, family, repeat.)
https://github.com/citrix/terraform-provider-citrixadc/issues/1037
Kai Thorsrud Posted October 12, 2023 (Author)
By the way: I run everything on GitHub + Azure DevOps. I use pipelines.
Morten Kallesøe Posted October 23, 2023
Hi Kai, is the dynamic learning client not what you are looking for? I read the post on GitHub, and from my understanding of it you are contradicting yourself: you want persistent configuration steps for the learned data, but learned data is dynamic, so how would you store that in a persistent world? Like the others, I am also a little unclear on exactly what is missing.
Kai Thorsrud Posted November 19, 2023 (Author)
Hi Morten. A pure dynamic learning client creates ineffective rules and duplicate rules, and if you have an infected client you can feed the WAF with security issues. Furthermore, in real-life scenarios whenever I use dynamic learning clients the ns.log fills up with the dynamic learning client detecting new rules, and whenever the NS tries to add the rule NetScaler reports "Rule already exists". Dynamic learning is not mature yet. Typically what I do is construct manual WAF rules because they are more effective than dynamic rules, i.e. take a Swagger definition and create rules from that, then use knowledge of HTTP, HTML and my SANS certifications in red team / blue team work to implement rules.
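One way to turn the Swagger-to-rules step described in the post above into code, as an added example that is not the poster's own tooling: a small Python generator reads an OpenAPI document, converts each path template into an anchored regular expression, de-duplicates the result, and renders NetScaler `set appfw profile ... -startURLAction` and `bind appfw profile ... -startURL` commands. The profile name `prof_legacy_api` and the sample OpenAPI document are constructed for this example; the CLI keywords are NetScaler AppFW syntax, but the generated regexes should be reviewed against the real API before they are applied.

```python
"""Added example (not the original poster's code): generate NetScaler AppFW
start-URL rules from an OpenAPI/Swagger spec so the allow-list lives in code.

Assumptions (labelled): the profile name "prof_legacy_api" and the sample
OpenAPI document below are constructed for this example.
"""
from __future__ import annotations

import json
import re

# Constructed sample OpenAPI 3 document; not taken from any real API.
# "/users/{userId}" and "/users/{id}" differ only in parameter name, which
# shows why the generator must de-duplicate before emitting rules.
SAMPLE_OPENAPI = json.dumps({
    "openapi": "3.0.0",
    "paths": {
        "/api/v1/users": {"get": {}, "post": {}},
        "/api/v1/users/{userId}": {"get": {}, "delete": {}},
        "/api/v1/users/{id}": {"patch": {}},
        "/api/v1/users/{userId}/orders/{orderId}": {"get": {}},
        "/health": {"get": {}},
    },
})

# Matches an OpenAPI path parameter such as {userId}.
PATH_PARAM = re.compile(r"\{[^/{}]+\}")


def path_to_regex(path: str) -> str:
    """Convert one path template to an anchored regex.

    Literal segments are escaped; each {param} becomes exactly one path
    segment ([^/]+), so /a/{x} accepts /a/42 but not /a/42/extra.
    """
    parts = []
    last = 0
    for m in PATH_PARAM.finditer(path):
        parts.append(re.escape(path[last:m.start()]))
        parts.append(r"[^/]+")
        last = m.end()
    parts.append(re.escape(path[last:]))
    return "^" + "".join(parts) + "$"


def start_urls(spec_json: str) -> list[str]:
    """Return the sorted, de-duplicated start-URL regexes for a spec."""
    spec = json.loads(spec_json)
    return sorted({path_to_regex(p) for p in spec.get("paths", {})})


def url_allowed(regexes: list[str], url: str) -> bool:
    """Local pre-check of a request path against the generated allow-list."""
    return any(re.match(r, url) for r in regexes)


def appfw_commands(profile: str, spec_json: str) -> list[str]:
    """Render NetScaler CLI: enable the start-URL check, then bind one rule
    per regex. The same spec always yields the identical command list, which
    is what makes the ruleset diffable and reviewable in version control."""
    cmds = [f"set appfw profile {profile} -startURLAction block log stats"]
    cmds += [f'bind appfw profile {profile} -startURL "{r}"'
             for r in start_urls(spec_json)]
    return cmds


if __name__ == "__main__":
    print("\n".join(appfw_commands("prof_legacy_api", SAMPLE_OPENAPI)))
```

Because the output is a pure function of the spec, the command list can be committed next to the OpenAPI file and emitted from a pipeline for both the blue and the green profile; a changed API surface shows up as a diff in the rules rather than as learned data on one appliance.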
Kai Thorsrud Posted November 19, 2023 (Author)
This is how I do cloud environments with NetScaler: see attached drawing.